From My Virtual Desktop: Root Password for XenServer Lost?

This blog stems from a situation an client and XenServer Administrator encountered with XenServer 6.2: you know who you are and I appreciate your time and efforts as I know we were working blindly for a bit!

This also applies to XenServer 5.x and prior 6.x versions, as well.

The Situation

In this particular case there was a loss of power to a XenServer and the root password was not documented. To add an air of difficulty to the situation we were also working with out iLO or iDRAC. While previous CTX articles related to resetting/recovering a XenServer’s root password still stand correct, these did not help with regards to XenServer 6.2 and why I have written this blog as well as submitted a new CTX article for XenServer 6.2.

The Problem

Be it forgetfulness, change of guard, another Admin changing the password, or simply a typo in company documentation, the core problem being address via this post is that one cannot connect to XenServer 6.2 as the root password is… lost or forgotten.

As a secondary problem, one has lost patience and has obtained physical or iLO/iDRAC access to the XenServer in question, but still the root password is not right:

The Shortest Solution: Breaking The Law of Physical Security

Yup, I am not encouraging hacking, but merely pointing out that physical access is the first step in securing a system and that physical interaction with the XenServer in question is the simplest solution to this problem. As I have mentioned in previous blogs, I am a huge fan of Occam’s Razor. In short, his razor can be described that the simplest solution is usually the correct one. With a simple trajectory to resetting the root password while keeping Occam’s philosophical razor in mind, know that:

– One will need physical, iLO, iDRAC, or other remote access

– One’s XenServer will have to be rebooted and any running VMs will be shutoff

– Obviously, any new root password should be documented for fellow Administrators

With disclaimers aside I now highly recommend reading and reviewing the steps outlined below before going through the motions! Some steps are time sensitive, so being prepared is merely a part of the overall plan to success!

1. After gaining physical or iLO/iDRAC access to the XenServer in question, reboot it! With iLO and iDRAC, there are options to hard or soft reset a system and either option is fine.

2. Burn the following image into your mind for after the server reboots and runs through hardware BIOS/POST tests, you will see the following for 5 seconds (or so):

Immediately grab the keyboard and enter the following:

menu.c32 (press enter)

3. The menu.c32 boot prompt will appear and again, you will only have 5 or so seconds to select the “XE” entry and pressing tab to edit boot options:

4. Now, at the bottom of the screen one will see the boot entry information. Don’t worry, you have time so make sure it is similar to the following:

5. Near the end of the repeating line, by “console=tty0 quiet vga=785 splash” delete everything before “console=tty0” (that is a Zero) with:

linux single

6. With that completed, simply press enter as to boot into Linux’s single user mode. You should eventually be dropped into a command line prompt (as illustrated below):

7. Finally, we can reset the root password to something one can remember by executing the Linux command:

passwd

8. When prompted, enter the new root user password: you will be asked to verify it and upon success you should see the following:

9. Now, enter the following command to reboot the XenServer in question:

reboot

10. Obviously, this will reboot the XenServer as illustrated below:

11. Let the system fully reboot and present the xsconsole. To verify that the new password has taken affect, select “Local Command Shell” from xsconsole. This will require you to authenticate as the root user:

12. If successful you will be dropped to the local command shell and this also means you can reconnect and manage this XenServer via XenCenter with the new root password!